Major security risk: Hungary’s defence system compromised in USD 5 million cyberattack

Hungary’s Defence Procurement Agency (DPA) has suffered a significant cyberattack. A hacking group known as Inc. Ransomware managed to infiltrate the agency’s network, encrypt sensitive files, and demanded a $5 million ransom to prevent the information from being leaked.

According to Telex, the hacking group has already released some files online, which may include military procurement data, financial records, and other internal documents. This breach has thus become both a national security concern and a cybersecurity disaster.

The DPA, established in 2019, is a centralised agency responsible for all defence and security-related procurements in Hungary. It oversees acquisitions ranging from military equipment to disaster management tools. This breach raises serious concerns not only about the stolen data but also about the agency’s security measures and its ability to protect critical national defence information.

Photo: Facebook/Szalay-Bobrovniczky Kristóf

The group behind the cyberattack

Inc. Ransomware is an international hacking group known for targeting government agencies globally. This group reportedly accessed the DPA’s files in October, and by 6 November, began releasing the data online. Among the leaked materials is a document from the Hungarian Defence Logistics Support Command, indicating a freeze on procurement for the coming year. For those monitoring cyber threats, this breach demonstrates the potential exposure of even highly classified information.

Although most of the stolen data was on secure networks, some has now leaked onto the open internet, which raises serious concerns. Reports indicate that portions of the data are accessible to users outside the dark web, meaning the potential fallout could be even greater than initially expected.

This breach also exposes a peculiarity in Hungary’s defence data management practices. Unlike other government agencies, the military does not rely on the National Security Service (NSS) for monitoring and security; instead, it manages cybersecurity internally. With the new EU NIS2 cybersecurity regulations coming into effect (though excluding military agencies), this incident could prompt a re-evaluation of how military data is protected.

Picture is for illustration only / Source: Pixabay

The Hungarian Government’s reaction to the cyberattack

The Ministry of Defence has confirmed the attack and acknowledged the involvement of Inc. Ransomware. They state that an investigation is underway, although they clarified that the DPA does not store the most sensitive military infrastructure data. However, this attack has raised serious questions about the agency’s cybersecurity protocols, which are now under intense scrutiny.

At a government press briefing, Minister Gergely Gulyás addressed the situation, noting that ultra-sensitive information had not been leaked. Although the attack did not expose the most critical information, the breach serves as a wake-up call for Hungarian authorities regarding the importance of safeguarding defence-related data. Despite the breach, defence procurement activities have not slowed, with spending on defence remaining robust and the government showing no indication of cutting back.

This attack underscores how vulnerable even core government functions can be to cyber threats, and the DPA may be the latest example of the urgent need for security upgrades that many agencies are overdue for.

Read also:

• The Hungarian Watergate? Opposition leader Péter Magyar exposes alleged Government surveillance plot!
• Hungarian minister shared what the Russians stole from foreign ministry with their cyberattack – Daily News Hungary